Dailydave mailing list archives

Re: New mediaservices sploit


From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Sat, 13 Mar 2004 16:07:49 -0600

It is a stripped-down Apache2 install, no mod_cgi, no mod_ssi. Assume the 
system is firewalled both ways and there are no third-party or 
system-installed web services (besides this one). The NTLM hijack is 
simple, but there are a dozen other ways to do it; I was wondering if 
anyone knew how to execute a command simply by writing a file to the OS 
somewhere. I beat my head against it off and on for a couple of months 
and was wondering if anyone had some r33t tknqz to share :)

-HD

On Saturday 13 March 2004 13:32, some people wrote:
It is running as system, and you can if IIS is running... but you can
also upload any file :)

You can't write a .asp file into the scripts directory? Or a .dll? I
assume not. You're running as SYSTEM? Why not write to \\myserver\\
and steal the token and relogin through NTLM auth?
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave